ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "bjfree@free-man.net" <bjf...@free-man.net>
Subject Re: ofbiz security corrupted?
Date Fri, 03 Oct 2008 09:04:04 GMT
not sure why createUpdateCustomerInfo
is being called when are creating a customer.
the problem is an the userlogin is an anonymous so there are no permissions.


Phillip Rhodes wrote:
> Hi Everyone,
> I am really trying to dig in but I am coming up empty.  The problem has 
> just appeared suddenly  without any changes to the system (that I am 
> aware of).  The problem is when I try to checkout in ecommerce without a 
> login, it fails with a permission denied error.  I setup another ofbiz 
> instance and did a seed and verified counts for the security tables, did 
> lots of searches in the code and found PartyContactMechServices.xml
> I think this is what is throwing the error:
>           <check-permission permission="PARTYMGR" action="_PCM_CREATE">
>                 <fail-property resource="PartyUiLabels" 
> property="PartyPermissionErrorForThisParty"/>
>             </check-permission>
> 
> I super-would appreciate some pointers on other places to look.
> Phillip
> 
> 
> 
> here is what is on screen:
> ERROR: Could not complete the Create or Update Customer Info 
> [file:/usr/local/calgon/ofbiz/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml#createUpdateCustomerInfo]

> process [problem invoking the [createPartyTelecomNumber] service with 
> the map named [homePhoneMap] containing [{extension=null, 
> contactNumber=3378, partyId=10711, areaCode=363, allowSolicitation=null, 
> locale=en_US, countryCode=412, contactMechPurposeTypeId=PHONE_HOME, 
> userLogin=[GenericEntity:UserLogin][createdStamp,2007-10-11 
> 22:25:15.0(java.sql.Timestamp)][createdTxStamp,2007-10-11 
> 22:25:11.0(java.sql.Timestamp)][currentPassword,anonymous(java.lang.String)][disabledDateTime,null()][enabled,null()][hasLoggedOut,null()][isSystem,null()][lastCurrencyUom,null()][lastLocale,null()][lastUpdatedStamp,2008-05-02

> 19:24:47.0(java.sql.Timestamp)][lastUpdatedTxStamp,2008-05-02 
> 19:24:47.0(java.sql.Timestamp)][partyId,10711(java.lang.String)][passwordHint,null()][successiveFailedLogins,null()][userLoginId,anonymous(java.lang.String)]}]:

> Problems with the transaction. (The current transaction is marked for 
> rollback, not beginning a new transaction and aborting current 
> operation; the rollbackOnly was caused by: Service Error 
> [createPartyContactMechPurpose]: You do not have permission to perform 
> this operation for this party.)]
> 
> Here is the log excerpt:
> 2008-10-03 02:06:22,124 (TP-Processor3) [     
> RequestHandler.java:236:INFO ] [Processing Request]: 
> processCustomerSettings sessionId=B876E1C0558EFF2770C69347CD6E9D8B.jvm1
> 2008-10-03 02:06:22,154 (TP-Processor3) [            
> UtilXml.java:243:DEBUG] XML Read 0.029s: 
> file:/usr/local/calgon/ofbiz/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml

> 
> 2008-10-03 02:06:22,159 (TP-Processor3) [       
> SimpleMethod.java:616:INFO ] No response code string or errors found, 
> assuming success; returning code [success]
> 2008-10-03 02:06:22,171 (TP-Processor3) [     
> ServiceEcaRule.java:137:INFO ] Running Service ECA Service: 
> ensureNaPartyRole, triggered by rule on Service: createPerson
> 2008-10-03 02:06:22,195 (TP-Processor3) [            
> UtilXml.java:243:DEBUG] XML Read 0.024s: 
> file:/usr/local/calgon/ofbiz/applications/party/script/org/ofbiz/party/party/PartySimpleMethods.xml

> 
> 2008-10-03 02:06:22,200 (TP-Processor3) [                Log.java:94 
> :INFO ] CreatePerson : 10711
> 2008-10-03 02:06:22,201 (TP-Processor3) [                Log.java:94 
> :INFO ] UserLogin : [GenericEntity:UserLogin][createdStamp,2007-10-11 
> 22:25:15.0(java.sql.Timestamp)][createdTxStamp,2007-10-11 
> 22:25:11.0(java.sql.
> Timestamp)][currentPassword,anonymous(java.lang.String)][disabledDateTime,null()][enabled,null()][hasLoggedOut,null()][isSystem,null()][lastCurrencyUom,null()][lastLocale,null()][lastUpdatedStamp,2008-05-02

> 19:24:47.0
> (java.sql.Timestamp)][lastUpdatedTxStamp,2008-05-02 
> 19:24:47.0(java.sql.Timestamp)][partyId,10711(java.lang.String)][passwordHint,null()][successiveFailedLogins,null()][userLoginId,anonymous(java.lang.String)]

> 
> 2008-10-03 02:06:22,241 (TP-Processor3) [            
> UtilXml.java:243:DEBUG] XML Read 0.039s: 
> file:/usr/local/calgon/ofbiz/applications/party/script/org/ofbiz/party/party/PartyServices.xml

> 
> 2008-10-03 02:06:22,276 (TP-Processor3) [            
> UtilXml.java:243:DEBUG] XML Read 0.026s: 
> file:/usr/local/calgon/ofbiz/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml

> 
> 2008-10-03 02:06:22,313 (TP-Processor3) [            
> UtilXml.java:243:DEBUG] XML Read 0.033s: 
> file:/usr/local/calgon/ofbiz/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml

> 
> 2008-10-03 02:06:22,319 (TP-Processor3) [                Log.java:94 
> :INFO ] Contact mech created with id 11051
> 2008-10-03 02:06:22,320 (TP-Processor3) [                Log.java:94 
> :INFO ] ContactMech created
> 2008-10-03 02:06:22,320 (TP-Processor3) 
> [FlexibleStringExpander.java:355:WARN ] Could not find value in 
> environment for the name [parameters.contactMechId], inserting nothing.
> 2008-10-03 02:06:22,321 (TP-Processor3) [                Log.java:94 
> :INFO ] Creating a PartyContactMech with id:
> 2008-10-03 02:06:22,324 (TP-Processor3) [     
> ServiceEcaRule.java:137:INFO ] Running Service ECA Service: 
> createPartyContactMechPurpose, triggered by rule on Service: 
> createPartyContactMech
> 2008-10-03 02:06:22,325 (TP-Processor3) [  
> ServiceDispatcher.java:419:ERROR] Service Error 
> [createPartyContactMechPurpose]: You do not have permission to perform 
> this operation for this party.
> 2008-10-03 02:06:22,326 (TP-Processor3) [    
> TransactionUtil.java:291:WARN ]---- exception report 
> ----------------------------------------------------------[TransactionUtil.setRollbackOnly]

> Calling transaction setRollbackOnly; this stack trace shows where this 
> is happening:Exception: java.lang.ExceptionMessage: Service Error 
> [createPartyContactMechPurpose]: You do not have permission to perform 
> this operation for this party.
> 
> 
> 

Mime
View raw message